C2150-400 - IBM Security Qradar SIEM Implementation v 7.2.1
Which two search filters are available on the QRadar console while making an asset search? (Choose two.)
Vulnerability CVSS Base Score, Vulnerability Risk Score
Vulnerability on Source Port, Vulnerability on Destination Port
What does QRadar use to group the event or flow according to the network?
Which two file systems does QRadar support for offboard storage partitions? (Choose two.)
Which two authentication methods for the QRadar User Interface are valid? (Choose two.)
Remote Authentication Dial In User Service (RADIUS)
Terminal Access Controller Access-Control System (TACACS)
You have been asked to forward all event logs from QRadar to another central syslog server with the IP address 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system. What will allow you to do this?
Add a Routing Rule that, under Current Filters, "Matches All Incoming Events"; under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the "Forward" and "Drop" options. Save and deploy.
An off-site source can connect to which component?
There are unknown log records from unsupported security device events in the Log activity tab. You are planning to write an LSX for an unsupported security device type based on UDSM. What is the file format and payload option for exporting the unknown log records?
XML and visible column
Which character is used for naming subgroups when using the option Add Group in the Network Hierarchy editor?
In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)
Click on Display > Sources
Click on Event/Flow Count field's Events link
Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?
Which two are valid actions that a user can perform when monitoring offenses? (Choose two.)
Hide or close an offense from any offense list
What should be the latency between the primary and secondary HA hosts?
Less than 2 milliseconds
Which two proxy options are required to be set when using a Proxy Server for Auto Updates in QRadar? (Choose two.)
Proxy Server URL
Which expression imports all xml files in the report directory if the administrator is configuring a Nessus Scanner?
What is a benefit of enabling indexes on event properties?
Improved search performance
What is the minimum bandwidth needed between the primary and secondary HA host?
1 gigabit per second (Gbps)
Which IP address of a NATed server is used to access the server from outside the network?
Public IP address
On the QRadar console you have received notification that CVE ID: CVE-2010-000 is being actively used. What search parameter should you select from the list of search parameters in this situation?
Vulnerability Information System
A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling the rule?
Offenses > Manage Custom Rules
What will be restored when restoring event data or flow data for a particular period to a MH?
Only event data or flow data for the MH being restored will be restored to that MH.
A QRadar SIEM administrator wants to create a Flow Rule that includes a building block definition (BB) that includes applications that indicate communication with file sharing sites. In which group will the administrator find this specified building block?
A QRadar administrator is sizing a distributed deployment. The deployment has approximately 2 million flows per minute (FPM) and needs at least 7 terabytes of storage. Which architecture is correct?
Two 1724 flow processors
Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)
One log source must have many DSMs.
One DSM can be used in many log sources.
What is the result when adding host definition building blocks to QRadar?
Reduces false positives
A customer has log files from Windows-based systems and wants to push those logs to the QRadar console. What options should the customer use in WinCollect to collect and forward these logs?
A user of QRadar wishes to have a report showing the number of bytes per packet they see with their flows. The user decides to create a Custom Flow Property for this application. Which type of custom property is required for this to be accomplished?
Regex Custom Property
Which Permission Precedence should be applied to the user's security profile, assuming the administrators only want the group to have access to Windows events and flows and not events from other networks?
Networks AND Log Sources
What should the format of a CSV file be while importing assets on the QRadar console?
Which configuration window defines the maximum number of TCP syslog connections?
Which line color inside the deployment editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?
What is used to collect NetFlow and J-Flow traffic in a QRadar Distributed Deployment?
QRadar 3124 Console
Which two actions can be selected from the license drop-down in the system and license management screen when working with a new license? (Choose two.)
Allocate license to system
Which command will install the patch after mounting the patch file?
Which attribute is valid when defining the user roles to provide the necessary access?
Admin: System Administrator
There is a requirement at the customer site to double the default QFlow Maximum Content Capture size. What would be the resulting packet size?
A mail server typically communicates with 50 hosts per second in the middle of the night and then suddenly starts communicating with 1,000 hosts a second. The administrator wants to get an email alert whenever this situation is observed. Which type of rule should an administrator create to monitor this situation?
Which option will display the rule that triggered an offense from Offense Details screen?
Display > Rules
Which tab in the QRadar web console allows flows to be monitored and investigated?
Which option needs to be specified in the syslinux configuration file to reinstall an IBM QRadar appliance via serial port from a USB flash drive?
What does the message in the System Notification Widget on the Dashboard "Disk sentry: System disk usage back to normal levels." tell you?
One of your File Systems has been reduced to below 92%.
Which operating system is supported for creating a bootable flash drive for recovery?
What is a valid QVM scan status?
What does Server discovery allow the QRadar administrator to do?
You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log source type GenericDSM and the correct Log Source Event ID. What is the next step in this process?
Run the qidmap.pl script to create high level and low level categories from the command line
What functionalities of QRadar provide the ability to collect, understand, and properly categorize events from external sources?
Which default flow source is included in the QRadar SIEM?
How frequently does the Automated Update Process run when configuration files are updated on the primary host, Deploy Changes is not performed, and the updates are propagated to the secondary host through the Automated Update Process?
Every 60 minutes
Which NetFlow versions does QRadar SIEM support?
1, 5, 7, and 9
What type of users can view all reports that are created by other users?
A customer has a requirement to integrate with QRadar to capture events coming from IBM DB2. Which protocol should an administrator use to integrate Log Enhanced Event format (LEEF) events while configuring Log Sources on QRadar console?